The security of your data is a top priority for Giełda Praw Majątkowych “Vindexus” S.A. For this reason, we have implemented the Information Security Policy along with the required procedures that aim to protect the personal data held by us. We have adapted the processing of personal data to the requirements of the Regulation (EU) no. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the national laws, including the Personal Data Protection Act of 10 May 2018.

If your debt has been acquired by GPM “Vindexus” or any of the following investment funds: GPM VINDEXUS NFIZW, FUTURE NFIZW and ALFA NFIZW, represented by MEBIS TFI S.A., below you’ll find information about the purposes for which your personal data are processed and about your rights. Please read this information and if you have any additional questions, please contact our Data Protection Officer.

Personal Data

Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, PESEL number, ID card number.
The scope of your personal data processed by us will differ, depending on the data received by us from the party selling your debt or obtained in the course of the recovery proceedings. The categories of personal data that will be processed include in particular:
- your first name and last name,
- place and date of birth,
-address of residence and correspondence address,
-telephone number and email,
-PESEL number,
-name and number of your ID card, and in the case of foreigners - passport or residence card number,
contact addresses.

Personal data controller

1.    If your debt has been acquired by:
•    Giełda Praw Majątkowych “Vindexus” S.A.
, Giełda Praw Majątkowych ”Vindexus” S.A., with its registered seat at ul. Serocka 3 lok. B2, 04-333 Warszawa, is the Controller of your personal data.

2.    If your debt has been acquired by:
•    GPM Vindexus Non-Standardised Closed-End Securitisation Fund
•    Future Non-Standardised Closed-End Securitisation Fund
•    Alfa Non-Standardised Closed-End Securitisation Fund
, MEBIS TFI S.A., with its registered seat at ul. Grochowska 152/1, 04-329 Warszawa, is the Controller of your personal data.

Data Protection Officer

We have designated a Data Protection Officer (DPO) who can be contacted in all matters related to the processing of personal data and the exercise of the rights related to such processing. You can contact them by writing to the following address:
•    Michał Zinowski, Data Protection Officer at Giełda Praw Majątkowych „Vindexus” S.A., ul. Serocka 3 lok B2, 04-333 Warszawa, or send an email to: iod@gpm-vindexus.pl.
•    Michał Zinowski, Data Protection Officer at MEBIS TFI S.A., ul. Grochowska 152/1, 04-329 Warszawa, or send an email to: iodo@mebistfi.pl.

Legal basis for the processing of personal data

Your personal data will be processed when the processing is necessary to pursue a claim in connection with a legitimate interest of the Data Controller under Article 6(1)(f) GDPR and for compliance with the Controller’s legal obligation, i.e. storage of information for tax and accounting purposes under Article 6(1)(c) GDPR.

Categories of data recipients

The recipients of your personal data include providers of the following types of services: IT, accounting, banking, postal, private investigation, archiving and auditing services. Additionally, if Mebis TFI S.A is the Controller of your personal data, your data will also be received by Giełda Praw Majątkowych „Vindexus” S.A., ul. Serocka 3 lok. B2, 04-333 Warszawa.

Duration of processing

Your personal data will be processed for the period necessary to achieve the above-mentioned purposes of the processing. In light of the above, your personal data will be processed for a period during which the Controller is required by law to store the personal data  or for the time necessary for claims pursued based on the data to fall under statute of limitations, however not longer than 6 years.

Source of data

Your personal data were obtained from the original creditor based on an assignment agreement. To obtain the name of the party which transferred your data to us, please contact our Data Protection Officer.

Automated decision-making

We hereby inform that the processing of your personal data will not involve automated decision-making or profiling.

Transmission of your personal data outside the European Economic Area (EEA)

Your personal data will not be transmitted outside the European Economic Area.

Your rights regarding the processing of personal data

You have the right to access your data, to rectify and to erase them, to restrict processing of your personal data, the right to data portability and to object to processing of personal data, the right to withdraw your consent at any time without this affecting the lawfulness of processing (based on consent before its withdrawal);
you have the right to lodge an appeal with a supervisory body, i.e. the President of the Polish Personal Data Protection Office if you believe that processing of your personal data violates provisions of the generally applicable law.

Cookies Policy

Cookies are small text files which are stored on your end device (your computer, telephone or tablet) which you use to browse the Internet.
The website uses the followin types of cookies: session cookies. Session cookies are temporary files stored on the end device until the user logs out, leaves a website or closes their web browser window. They are set for purposes like remembering language preferences, contrast settings and for temporary hiding of pop-up messages on the website.
Cookies are also used by Smartsupp chat which may store and process files. It does not store any personal data in its files.

Here is a list of the cookies used:

cookie.ssupp.vid – Visitor ID (expiration period: 6 months)
ssupp.chatid – Conversation ID (expires when the browser window is closed)
ssupp.group – last group of visitor (expires when the browser window is closed)
ssupp.opened – is chat box opened (expires when the browser window is closed)
ssupp.barclicked – When chat box is opened, needed for automatic messages (expires when the browser window is closed)
ssupp.message – stores content in text area if page is refreshed (expires when the browser window is closed)
ssupp.unreaded – Number of unread messages (expires when the browser window is closed)
ssupp.position – Position of chat box, if moved by visitor (expires when the browser window is closed).